Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
04.25.16As penetration testers, through the years, we have learned one indisputable fact: There is no such thing as a 100% secure network. Sure, we have encountered wide variances in the maturity level and effectiveness of information security programs of various organizations, but we have yet to encounter an organization that is impenetrable – not even… Read more »
12.26.15It is that time of the year again, when we force ourselves to stop for a moment and reflect on the events and technologies that we have encountered over the past year then adjust our service offerings to better meet the needs of our clients and the information security industry as a whole. In our… Read more »
12.09.13We are almost to the end of another year, and it has been a busy one for us here at DirectDefense. In addition to performing our normal engagements, such as performing network and application penetration tests, we have also enjoyed a lot of positive feedback from our presentation series – Catch me if you Can. During… Read more »
12.02.13From time to time, application developers implement strong security controls. A “strong control” might not capture exactly what we will be talking about today, but it does pose a huge problem for most application scanners. We have all seen a wide usage of one-time tokens in applications (aka nonce values) that are used to deter… Read more »
10.29.13Chances are, your password policy is weak and ineffective at preventing security breaches, but there are ways to quickly fix it.
06.18.13The FDA recommendations for health care include new rules for cybersecurity for medical devices and hospital networks.
02.25.13A new HIPAA security and privacy rule and the security gaps that still exist when it comes to third-party vendors and partners.
12.19.12So like many, it is that time of year to look back on the year’s events and reflect on things, while looking forward to the coming new year. What is interesting in our industry is the fact this is the time of year that everyone does their “Top 5,10,15, 20” events/gadgets/moments blogs/news articles about security… Read more »
11.26.12So I was approached by several friends in the managed services and security operations services fields, last year, with questions about discovering an attacker that is already inside a corporate network. Specifically, both had recently had clients go through internal penetration tests and only had limited success in identifying the hacking attempts. After talking with… Read more »
10.30.12For those of you that know me, or have heard me speak before at an event, you know then how I like to tell stories to relay messages. One of the stories that I often tell is one about a client that I like to call my Model Client. The story dates back a good ten… Read more »
